Encryption
TOPICS
• Objectives
• RC4
• DES
• 3DES
• AES
Objectives
• To understand the process of encryption and strong encryption algorithms.
Block Ciphers vs Stream Ciphers
• Block ciphers – e.g. DES, 3DES, AES
• Message is broken into blocks, each of which is then encrypted
• Operate with a fixed transformation on large blocks of plaintext data
• Stream ciphers – e.g. RC4
• Process the message bit by bit (as a stream)
• Operate with a time-varying transformation on individual plaintext digits
Confusion vs Diffusion
• Confusion: to make the relation between the plaintext and the ciphertext as complex as possible
• Caesar ciphers have poor confusion
• Polyalphabetic substitutions and the Vernam cipher have good confusion
• Diffusion: to spread the influence of the individual plaintext characters over as much of the ciphertext as possible, therefore hiding
• Substitution ciphers
• Transposition ciphers
RC4
• RC4 was designed by Ron Rivest of RSA Security in 1987; it is officially termed “Rivest Cipher 4”.
• The RC4 algorithm is capable of key lengths of up to 256 bits and is typically implemented in 64 bits, 128 bits and 256 bits.
• RC4 is used in WEP, TKIP, Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
Data Encryption Standard (DES)
• Most widely used secret-key encryption method
• Originally developed by IBM in the 1970s, later adopted by the U.S. government in 1977
• Encrypts 64-bit plaintext using a 56-bit key
• Relatively inexpensive to implement in hardware and widely available
• Largest users: financial transactions, PIN code generation, etc.
DES Algorithm
• The 64-bit plaintext is divided into two halves, a left half and a right half, of 32 bits each.
• 16 rounds.
• This example shows one half.
Feistel Function
• Expansion
• Key Mixing
• Substitution
• Permutation
3DES Encryption Process
[Figure: Plaintext, Key 1, Key 2, Key 3, Ciphertext]
Advanced Encryption Standard: AES ENCRYPTION
• Rijndael is the selected (NIST competition) algorithm for AES (Advanced Encryption Standard).
• Now standardized as FIPS-197
• It is a block cipher algorithm, operating on blocks of data.
• It needs a secret key, which is another block of data.
AES ENCRYPTION
• Performs encryption and the inverse operation, decryption (using the same secret key).
• It reads an entire block of data, processes it in rounds and then outputs the encrypted (or decrypted) data.
• Each round is a sequence of four inner transformations.
• The AES standard specifies 128-bit data blocks and 128-bit, 192-bit or 256-bit secret keys.
AES Algorithm – Encryption
[Figure: encryption algorithm. The plaintext (input data) passes through ROUND 0 to ROUND 10 to give the encrypted data (output data); the key schedule derives ROUND KEY 0 to ROUND KEY 10 from the secret key.]
[Figure: structure of a generic round. SUBBYTES, SHIFTROWS, MIXCOLUMNS, ADDROUNDKEY (with the round key).]
AES Algorithm – Encryption
A little closer look
1. Perform a byte by byte substitution
2. Perform a row by row shift operation
3. Perform a column by column transformation
4. Perform a XOR with a round key
No of rounds = 10 for 128 bits, 12 for 192 bits, 14 for 256 bits
Some facts about AES
• AES keys (128 bits): 340,000,000,000,000,000,000,000,000,000,000,000,000 possible keys
• Suitable for a wide variety of platforms, ranging from smart cards to servers
• Much simpler, faster and more secure (than its predecessor 3DES)
AES ‘built-into’ products
• Navastream Crypto Phones
• PGP Mobile for the TREO 650
• Nokia’s solutions for mobile VPN client – AES 256
AES Cracking - 2006
• Assumptions
• 3 GHz dedicated processor
• 1 clock cycle per key generation
• 2^128 keys / 3E9 processes per second = 1.13E29 seconds
• 3.6E21 years, 3.6 Zy (Zetta years)
• 3.6 Sextillion years
AES Cracking - Future
• 1 Week Decryption
• 5.6E32 Hz Processor, 560 MHz
[Chart: Clock Cycles per Key Generation; Processor Speed Doubling Rate (Years)]
Conclusion
• DES has been found to be vulnerable to brute-force attacks.
• 3DES, an encryption algorithm with three successive 56-bit keys, is a stronger solution but is much slower than DES.
• AES is currently still considered free from successful cryptanalytic attacks.